
Symantec Enterprise Security Manager - Symantec™ Enterprise Security Manager – Update for Application tab issue for ESM 9.0.1 agents

February 28, 2011

Description

Overview

Symantec™ Enterprise Security Manager – Update for ESM 9.0.1 Agents provides information about the fix for the following issue:

 

When you perform a Live Update on an ESM 9.0.1 Windows agent, the Application tab of the agent properties is updated with information about applications that are not installed on the agent.

 

Symantec Response

 

Symantec has released a fix for the above issue. It consists of esmc and esmagent binaries, which can be deployed using the remote upgrade process. The esmc binary can now remove the entries of all application modules from the agent with the following command:

 

remove application "agent_name" -a

 

After a policy run, the agent properties will show the actual application modules installed on the agent.

 

The ESM 9.0.1 Agent update contains the Mini RU (Remote Upgrade) package which consists of esmc and esmagent binaries for deploying the fix on ESM 9.0.1 agents. The update also consists of ESM manager binaries, which are applicable to ESM 9.0.1 and ESM 10.0 managers.

 

Note: You must replace the ESM manager binaries before you apply the fix using the remote upgrade process.

 

This fix is applicable to the following platforms:

  • Windows 2000 Professional, Advanced, and Server (Intel) 
  • Windows Server 2003 (EM64T/Opteron) 
  • Windows Server 2003 (Intel) 
  • Windows Server 2003 (Itanium) 
  • Windows Server 2008 (EM64T/Opteron), Core and GUI 
  • Windows 2008 (x86) GUI 
  • Windows 2008 R2 (x64, IA64) Core and GUI 
  • Windows 7 (x86, x64) 

To apply the fix for agents with ESM agent 9.0.1 installed

 

Follow the steps given below to apply the fix:

  1. Apply the LU package that consists of the preru901 module.
    http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=esm&pvid=pu&year=2010&suid=20101018_00

  2. Replace the following files on ESM Manager:
  3. Apply the Mini RU package, which replaces the existing esmc and esmagent binaries. Access the following link:
    http://www.symantec.com/avcenter/security/ESM/PU/ESM901/Mini_RU/MiniRU.zip
  4. Using the esmc binary in the above fix, log in to the manager to which the agent is registered.
    Run the following command to remove entries of all application modules from the agent:

    "C:\Program Files\Symantec\Enterprise Security Manager\ESM\bin\<Platform>\esmc" -m <manager_name> -U <user> -P <password> -p 5600

    remove application "agent_name" -a

  5. Run a policy on the agent to view the information of application modules on the agent. The agent properties will show the actual application modules installed on the agent. 

 

To replace the ESM Manager binary on Windows, do the following:

  1. Download the zip file from the following link:
    For ESM 9.0.1 Manager :
     
    http://www.symantec.com/avcenter/security/ESM/PU/ESM901/Windows/Windows.zip
    For ESM 10.0 Manager:
    http://www.symantec.com/avcenter/security/ESM/PU/ESM10/Windows/Windows.zip

  2. Ensure that no policies are running on the ESM Manager. 
  3. Stop the Symantec Enterprise Security Manager Service from the services console. 
  4. Take a backup of the existing ESM Manager files, i.e. esmmanager.exe and version.dat, that are present at
    <Install_dir>\Symantec\ESM\bin\<platform_dir>
    Note: You do not have to replace version.dat on ESM 10.0 manager. 
  5. Navigate to the <Install_dir>.
    By default the install_dir is located at: C:\Program Files\Symantec\Enterprise Security Manager\bin\<platform>.
     
  6. Replace esmmanager.exe and version.dat with the files extracted in step 1.
    Note: You do not have to replace version.dat on ESM 10.0 manager. 
  7. Restart the Enterprise Security Manager Service. 

To replace the ESM Manager binary on UNIX, do the following:

  1. Download the zip file from the following link:
    For ESM 9.0.1 Manager:
    http://www.symantec.com/avcenter/security/ESM/PU/ESM901/UNIX/Solaris-Sparc.zip
    For ESM 10.0 Manager:
    http://www.symantec.com/avcenter/security/ESM/PU/ESM10/UNIX/Solaris-Sparc.zip

  2. Extract the following files to a suitable location on your local computer:
    • esmcifd 
    • esmnetd 
    • version.dat 
    Note: You do not have to extract version.dat for ESM 10.0 manager.
  3. Stop the ESM daemons by typing the following command:
    /esm/esmrc stop
     
  4. Take a backup of the files listed in step 2 above from the following location:
    /esm/bin/<platform>/

  5. Replace the existing files with the files extracted in step 2.
  6. Make the files you replaced in step 5 executable.
    Type the following command:
    chmod +x esmcifd
    chmod +x esmnetd
    chmod +x version.dat
    Note: You do not have to change permission of version.dat for ESM 10.0 manager. 
  7. Start the ESM daemons by typing the following command:
    /esm/esmrc start 
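
The UNIX procedure above, scripted with a pre-flight check and rollback; this is an added example, not Symantec's script. The function names, the backup location and the platform argument are assumptions; /esm/esmrc and /esm/bin/<platform>/ come from the page.

```shell
#!/bin/sh
# Added example, not Symantec's script. Function names and the backup
# location are assumptions; paths under /esm are the ones the page gives.

# replace_esm_files NEW_DIR BIN_DIR BACKUP_DIR FILE...
# Back up each FILE from BIN_DIR, install the copy from NEW_DIR, mark it
# executable; restore every backup if any install step fails.
replace_esm_files() {
    rf_new=$1; rf_bin=$2; rf_bak=$3; shift 3
    # Change nothing unless every replacement and every original exists.
    for f in "$@"; do
        [ -f "$rf_new/$f" ] || { echo "missing replacement: $f" >&2; return 2; }
        [ -f "$rf_bin/$f" ] || { echo "missing original: $f" >&2; return 2; }
    done
    mkdir -p "$rf_bak" || return 3
    for f in "$@"; do
        cp -p "$rf_bin/$f" "$rf_bak/$f" || return 3
    done
    for f in "$@"; do
        if ! { cp "$rf_new/$f" "$rf_bin/$f" && chmod +x "$rf_bin/$f"; }; then
            echo "install of $f failed, restoring backups" >&2
            for b in "$@"; do cp -p "$rf_bak/$b" "$rf_bin/$b"; done
            return 4
        fi
    done
}

# upgrade_manager NEW_DIR PLATFORM [ESM_ROOT]
# The page's sequence for a 9.0.1 manager: stop daemons, back up, replace,
# chmod, start. For a 10.0 manager, drop version.dat from the file list.
upgrade_manager() {
    um_new=$1; um_platform=$2; um_root=${3:-/esm}
    um_bin="$um_root/bin/$um_platform"
    um_bak="$um_bin.bak.$(date +%Y%m%d%H%M%S)"
    "$um_root/esmrc" stop || return 1
    um_rc=0
    replace_esm_files "$um_new" "$um_bin" "$um_bak" \
        esmcifd esmnetd version.dat || um_rc=$?
    # Start the daemons again either way: on failure the originals are in place.
    "$um_root/esmrc" start || return 1
    return "$um_rc"
}
```

Call it as `upgrade_manager <dir_with_extracted_files> <platform>` on the manager host; a non-zero return means the original binaries are still in place.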
Last modified on: February 28, 2011